Database administration accounts are frequently granted more permissions to the local host system than are necessary. This allows inadvertent or malicious changes to the host operating system.
Revoke all host system privileges from the DBA group accounts and DBA user accounts not required for DBMS administration.
Revoke all OS group memberships that assign excessive privileges to the DBA group accounts and DBA user accounts.
Remove any directly applied permissions or user rights from the DBA group accounts and DBA user accounts.
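To find what the three revocation steps above need to act on, the following audit lists the local group memberships and directly assigned user rights held by DBA accounts. It is an added example, not part of the original control text; the account names in `$DbaPrincipals` are constructed placeholders, and the script only reports, it does not revoke anything.

```powershell
# Run elevated (secedit needs it) on Windows PowerShell 5.1+ (LocalAccounts module).
# Constructed names: replace with the DBA groups and accounts for this host.
$DbaPrincipals = @('CONTOSO\SQL-DBAs', 'CONTOSO\dba.jane')

# Resolve each DBA principal to its SID so matching does not depend on name formatting.
$DbaSids = @{}
foreach ($name in $DbaPrincipals) {
    try {
        $sid = ([System.Security.Principal.NTAccount]$name).Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        $DbaSids[$sid] = $name
    } catch { Write-Warning "Cannot resolve '$name': $($_.Exception.Message)" }
}

# 1. Local group memberships held directly by DBA principals.
$groupFindings = foreach ($group in Get-LocalGroup) {
    try { $members = Get-LocalGroupMember -Group $group -ErrorAction Stop }
    catch { Write-Warning "Cannot enumerate '$($group.Name)': $($_.Exception.Message)"; continue }
    foreach ($m in $members) {
        if ($DbaSids.ContainsKey($m.SID.Value)) {
            [pscustomobject]@{ Type = 'GroupMembership'; Grant = $group.Name; Principal = $DbaSids[$m.SID.Value] }
        }
    }
}

# 2. User rights assigned directly to DBA principals, read from a local security policy export.
$cfg = Join-Path $env:TEMP "user-rights-$PID.inf"
secedit /export /cfg $cfg /areas USER_RIGHTS /quiet
$rightFindings = foreach ($line in Get-Content $cfg) {
    if ($line -notmatch '^(Se\w+)\s*=\s*(.*)$') { continue }
    $right = $Matches[1]
    foreach ($entry in $Matches[2].Split(',')) {
        $id = $entry.Trim().TrimStart('*')   # "*S-1-5-..." is a SID; bare text is an account name
        if ($DbaSids.ContainsKey($id)) {
            [pscustomobject]@{ Type = 'UserRight'; Grant = $right; Principal = $DbaSids[$id] }
        } elseif ($DbaPrincipals -contains $id) {
            [pscustomobject]@{ Type = 'UserRight'; Grant = $right; Principal = $id }
        }
    }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

# Review each row against the privileges actually required for DBMS administration.
@($groupFindings) + @($rightFindings) | Sort-Object Principal, Type, Grant | Format-Table -AutoSize
```

Only direct memberships and direct user-rights assignments are reported; privileges a DBA account inherits through nested domain groups need a separate directory query.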
Document the privileges assigned to all DBA group accounts and individual DBA accounts in the System Security Plan.
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Windows.